EU-US privacy safe harbor no longer safe

Our European colleagues have summarised the recent decision of the European Court of Justice dealing with the EU-US privacy safe harbor.  This is a big deal – the US Secretary of Commerce has been quoted as saying that the decision “puts at risk the thriving trans-Atlantic digital economy”.

The plaintiff in the case, Mr Schrems, objected to Facebook Ireland transferring his data to the US for processing – he was particularly concerned about the prospect that US intelligence services would engage in surveillance activities involving his data, especially following Edward Snowden’s revelations. The ECJ has decided that the decisions of the European Commission under which the safe harbor scheme was established were invalid. This means that European businesses will no longer be able to rely on the safe harbor regime in order to justify the export of personal data from within the EU to the US. Until an alternative to the safe harbor regime is put in place, this means that exports of personal data from Europe to the US are in the same position as exports from Europe to Australia.  This won’t bring business to a halt, but there will undoubtedly be costs associated with putting alternative protections in place.